I’ve heard that flip phones (and every phone, really) have firmware installed that allows the government to activate the microphone of their phones.
I was wondering if Purism/Librem was going to come out with a regular flip phone that just doesn’t have that kind of firmware installed. It would also be nice if it could access the internet so that it could make phone calls over the internet.
I know that there is a smartphone being worked on, but I want to avoid smartphones for other reasons. I’m looking for a flip phone that doesn’t have this “bug”.
Thanks in advance. You guys are honestly doing great stuff and I plan on buying some of your products (whether or not you come out with a flip phone) in the future.
I haven’t heard of any Purism plans to offer a dumbphone. Given their focus on Linux, it probably doesn’t make a lot of sense to go in that direction although to be fair I don’t really know where the exact boundary between a dumbphone and a smartphone is.
For an official answer from Purism, you should email them. firstname.lastname@example.org
That may not be reliable information.
I’m sure there are some phones, whether smart or dumb, that have a bug and the government has exploited that bug to remotely enable the microphone. Perhaps that is more likely on a smartphone.
However “every phone” is a lot of phones. A lot of makes. A lot of models.
Depends where the phone was designed or manufactured, depends what government you are talking about.
The Purism Librem 5 phone will have a hardware kill switch for the microphone - to cut the microphone - so that no intentional or unintentional software behavior can override that. Hence as long as you aren’t using the phone, it is not an audio surveillance device.
(If you are using the phone then there is not much need for the government to listen in using the microphone because they can listen in directly using the phone network - if you are making a conventional mobile call and if the content of that call is the target of their surveillance.)
that’d make for a nice separate thread but i suspect the rabbit hole and the TL;DRs would be quite a challenge to overcome by most readers …
it seems to me that the OP used the word “dumb-phone” (sorry yes he actually said “flip-phone” LOL) to signal that he is in the market for a 10-100 dollahs currency - which is something i fully understand since the L5 (being close to 800$) is not particularly inviting for users that just want to have the BARE MINIMUM …
another point is that whatever the phone (dumb or smart) make or model or state - they ALL have a closed-hw/non-free-software-firmware implementation … the L5 is lucky to employ auxiliary hw-measures for circumventing that walled-off-nature …
Wonderful answer, thanks buddy.
The fact that their phone does that with the microphone is exactly what I’m looking for in a simple phone.
What I mean by “dumb phone” (even though I never used that phrase) is a phone whose sole purpose is to make phone calls. It doesn’t have any apps besides making phone calls and text messaging. It is basically a home phone, but mobile.
That’s fairly difficult with technology these days. Even a phone with very limited hardware still has great potential functionality.
What’s your level of technological expertise?
What’s your timeframe?
If your timeframe is flexible then maybe keep an eye on https://forums.puri.sm/t/non-linux-phones/9528 which, without an add-on ARM board, is limited in many ways - and simple enough to audit. Perhaps they will do a limited-run model that can’t be upgraded (so there is no bloat, so it is and always will be limited to phone calls). Not cheap though.
That’s where the challenge comes. With a very limited phone, people expect a very low price. However the only way for that to be economically viable for a company to develop is with high volume. But simple and secure wouldn’t seem like a high volume market.
All the cases that I know of involve smartphones. Do you have any links to stories involving feature phones?
BTW, some of the flip phones being sold today are Android Go (like the ZTE Cymbal T) or KaiOS (like Alcatel Go Flip), so they can have as much personal data collection as the standard smartphone. I assume that you want a feature phone (ie, “dumb phone”).
I’m kind of skeptical that the government is doing this with feature phones, because changing the ROM on a feature phone usually involves physically touching the phone, and it would be a lot of work to figure out how to add code to secretly turn on the microphone, because many of the feature phones had custom operating systems.
With a feature phone, you don’t have nearly as much data collection, since there is no GPS and often no camera, and you aren’t web browsing or doing other things that collect as much data. On the other hand, you are using a lot of insecure tech, like unencrypted SMS messaging. You want to use end-to-end encryption for your messaging and encrypted VOIP calls are more secure than normal cellular phone calls. If the government confiscates your feature phone, it wouldn’t be impossible to read the unencrypted data stored on its flash memory, whereas it would be much harder to get that data off an encrypted drive on the Librem 5.
I have to agree with kieran, the economics simply don’t work because people aren’t willing to pay that much for a feature phone. If you want a secure feature phone with hardware kill switches, disk encryption, end-to-end encryption in messaging, and encrypted VOIP calls, then you are going to end up paying close to the same amount as a smartphone.
I honestly have not thought a lot about this stuff. I’m not too techy, so you guys are great.
Can one of you explain this article:
By the way, price isn’t really an issue. I’m just not a fan of smart phones. I don’t like the idea of having a mini computer in my pocket all the time. They’re also bulky and, since I don’t have social media, I don’t even use my phone for anything but phone calls and texts.
If the app can be downloaded and installed as mentioned in that article, then the phones were probably running something like Symbian. According to Wikipedia, there was a Verizon version of the Motorola RAZR that ran Symbian. They were the smartphones of their time.
A phone represents a unique challenge - because a phone that is unable to use telecommunications is not very useful as a phone and a phone that is able to use telecommunications (communicates with the cellular network) is potentially vulnerable to remote exploit.
There are differences and similarities between a smartphone and a dumbphone. (I’m only addressing the similarities.) They both communicate with the cellular network. They both contain some kind of cellular modem. The cellular modem may contain unauditable, blackbox software that can be updated remotely (FOTA). They will probably both contain some kind of firmware that operates the main computer in the phone.
The SIM card is also a common point of vulnerability - as a computer on which simple programs can be run and where that can be triggered remotely.
The differences with the design of the Librem 5 are:
the cellular modem is isolated from the main computer and the cellular modem should not be able to turn on the mic or otherwise able to access an audio stream from the mic unless the main computer provides the audio stream to it
there is a hardware kill switch for the mic so that even if the main computer is itself compromised, the audio stream from the mic should be inaccessible (while the switch is in the kill position).
There isn’t enough information to know exactly how the compromise worked. Understandably, the FBI doesn’t provide technical documentation so that you can protect yourself.
Technology is always moving onwards and upwards though so whatever was happening in 2006 is probably different 14 years later.
Simple is not necessarily secure - although complex usually offers a larger attack surface and presents a higher risk of unintentional defects.
Fair enough but I think you may be swimming against the tide.
Unfortunately then the Librem 5 v1 is not for you, smart or dumb.
The issue is the modem (the transmitting/receiving radio of the phone); it really affects any very common modern phone made so far.
They are reasonably complicated, and they need to be to:
Handle the huge data streams of today
Smoothly hand over between WiFi and cellular without stopping
Smoothly hand over between multiple cellular base stations as you drive
Go into a deep sleep to save battery being drained but wake and connect fast to give reliable signal
Once a company spends tens or hundreds of millions to develop the hardware and software required for the above, they don’t like to give it away. They don’t tell people fully how it works or what goes on in there, and if all those manufacturers do the same, what do you suppose they say to the 0.01% of end users who contact them and say “hey, what exactly is going on inside that modem thingy you made in my phone?” - they say “not telling, go away”.
What’s a bit more scary is to learn that the modem not only has a lot of smarts, but:
1. That it can receive remote commands from the network operator.
2. That it’s the first part of the device to start up - so it has access to the CPU (brain) of the phone at its most vulnerable (booting up).
What goes on can’t really be supervised by the phone itself in that state.
It doesn’t mean it’s all an evil plan to take over the world though. For example, it would be unfair not to mention that item 1 is also a function that allows the network to send the local emergency services phone number to your device, so wherever you are in the world, you should be able to make an emergency call without an account or credit.
You guys have all given me such great answers.
It’s made me have to search in a panic for a flip phone (even though before this post I thought I could just pick up any one).
I was able to find something called “Mudita Pure” that is apparently being worked on thanks to IndieGoGo.
It’s some super hippie phone so it has a bunch of features that I just don’t care about, but it has a few features that I think should “protect” me.
It can’t access the internet
It can only talk and text
It has its own (sadly, proprietary) OS, but I find it hard to believe that a bunch of hippies want my data, and even if they did, it has no access to the internet, so they can’t grab any data without physically taking my phone
I was wondering what you guys think. Here’s a link to the product:
By the way, in case someone from Purism is reading this post, don’t feel bad about me not buying your smart phone, I do plan on buying your laptop. It’s just too bad that I bought a new laptop a couple months ago, so it probably won’t be for a couple years.
Mudita Pure can serve as a data modem for your notebook or desktop computer. We decided to enable tethering via USB C cable so that Pure can be used as an external GSM modem. This was a decision made to further minimize the SAR value of Pure. We consciously chose not to equip Pure with a mobile internet browser as this device supports living an offline life.
So even though it doesn’t ship with a browser, it’s still connected to the Internet, despite their claims. You just can’t browse webpages on it. Another issue is that it’s “ready for digitally signed updates,” which is secure in that an attacker can’t install a malicious update without their key, but if they decide to stop developing MuditaOS, none of the users can continue development like with Linux.
If your main concern is security, you have to be able to either trust the firmware running on the modem or fully disable the modem. Since all modem firmware is fully proprietary and closed source, none of it can be trusted, which only leaves disabling the modem. This is accomplished with kill switches in the Librem 5 and Pinephone.
If your main concern is the overuse of mobile internet, you’d be fine with the Mudita Pure or the Light Phone 2. Both have Internet connectivity but don’t have browsers, email clients, etc.
For comparison, the Mudita Pure is selling for $295 and is currently supposed to ship in October, while the Light Phone 2 is selling for $350. I can’t figure out if only the black model is on preorder status and the gray model is currently shipping, or if both are preorders and they just made a mistake on their website. It’s either currently shipping or is supposed to ship in September.
So let’s say that money is no object LOL, maybe a Librem 5 customer can achieve a dumb phone by physically removing the WiFi/BT card and do apt remove on enough packages to get the desired limited functionality / reduce the attack surface and maybe disable the camera and GNSS better. Maybe Purism could offer that as an alternative configuration i.e. out of the box cut down (since I don’t think there’s anything that the customer can really do about the camera and GNSS).
they also write “There is no camera and no Internet browser. Microphone, Bluetooth etc. can be switched off.”
no camera. no browser = great. mic and BT to be switched off would require the switch to cut electrical power to the mic and BT but how can we verify that since this is a proprietary phone. take it on trust …
on the other hand that E-Ink would be great for old-timers and sunny days …
the keyboard is only for small, delicate fingers. this is a no-no for some of my comrades …
Wasn’t there also a project to design a phone that used something like a 6502 processor to control everything and act as a kind of firewall between its other, less auditable, more modern components? (The idea being that the code running on the 6502, and the 6502 itself, would be simple enough that one person can completely understand it.) I cannot for the life of me remember the name of the project or the person who was doing it, and searching the Web just turns up mountains of unrelated pages about other phones.